mirror of https://github.com/bitwarden/server.git synced 2025-06-30 15:42:48 -05:00

Validate cipher updates with revision date (#994)

* Add last updated validation to cipher replacements

* Add AutoFixture scaffolding.

AutoDataAttributes and ICustomizations are meant to automatically
produce valid test input. Examples are the Cipher customizations,
which enforce the model's mutual exclusivity of UserId and
OrganizationId.

FixtureExtensions create a fluent way to generate SUTs. We currently
use parameter injection to facilitate service testing, which is nicely
handled by AutoNSubstitute. However, in order to gain access to the
substitutions, we need to Freeze them onto the Fixture. The For fluent
method allows specifying a Freeze to a specific type's constructor and
optionally to a parameter name in that constructor.

* Unit tests for single Cipher update version checks

* Fix test runner

Test runner requires Microsoft.NET.Test.Sdk

* Move to provider model for SUT generation

This model differs from previous in that you no longer need to specify
which dependencies you would like access to. Instead, all are
remembered and can be queried through the sutProvider.

* User cipher provided by Put method reads

Every put method already reads all relevant ciphers from database,
there's no need to re-read them.

JSON serialization of datetimes seems to leave truncate at second
precision. Verify last known date time is within one second rather than
exact.

* validate revision date for share many requests

* Update build script to use Github environment path

Co-authored-by: Matt Gibson <mdgibson@Matts-MBP.lan>
Matt Gibson
2020-11-23 08:48:05 -06:00
committed by GitHub
parent f311f40d93
commit edf30974dc
13 changed files with 440 additions and 73 deletions


@ -57,8 +57,8 @@ namespace Bit.Core.Services
_globalSettings = globalSettings;
}
public async Task SaveAsync(Cipher cipher, Guid savingUserId, IEnumerable<Guid> collectionIds = null,
bool skipPermissionCheck = false, bool limitCollectionScope = true)
public async Task SaveAsync(Cipher cipher, Guid savingUserId, DateTime? lastKnownRevisionDate,
IEnumerable<Guid> collectionIds = null, bool skipPermissionCheck = false, bool limitCollectionScope = true)
{
if (!skipPermissionCheck && !(await UserCanEditAsync(cipher, savingUserId)))
{
@ -91,6 +91,7 @@ namespace Bit.Core.Services
{
throw new ArgumentException("Cannot create cipher with collection ids at the same time.");
}
ValidateCipherLastKnownRevisionDateAsync(cipher, lastKnownRevisionDate);
cipher.RevisionDate = DateTime.UtcNow;
await _cipherRepository.ReplaceAsync(cipher);
await _eventService.LogCipherEventAsync(cipher, Enums.EventType.Cipher_Updated);
@ -100,7 +101,7 @@ namespace Bit.Core.Services
}
}
public async Task SaveDetailsAsync(CipherDetails cipher, Guid savingUserId,
public async Task SaveDetailsAsync(CipherDetails cipher, Guid savingUserId, DateTime? lastKnownRevisionDate,
IEnumerable<Guid> collectionIds = null, bool skipPermissionCheck = false)
{
if (!skipPermissionCheck && !(await UserCanEditAsync(cipher, savingUserId)))
@ -136,6 +137,7 @@ namespace Bit.Core.Services
{
throw new ArgumentException("Cannot create cipher with collection ids at the same time.");
}
ValidateCipherLastKnownRevisionDateAsync(cipher, lastKnownRevisionDate);
cipher.RevisionDate = DateTime.UtcNow;
await _cipherRepository.ReplaceAsync(cipher);
await _eventService.LogCipherEventAsync(cipher, Enums.EventType.Cipher_Updated);
@ -394,7 +396,7 @@ namespace Bit.Core.Services
}
public async Task ShareAsync(Cipher originalCipher, Cipher cipher, Guid organizationId,
IEnumerable<Guid> collectionIds, Guid sharingUserId)
IEnumerable<Guid> collectionIds, Guid sharingUserId, DateTime? lastKnownRevisionDate)
{
var attachments = cipher.GetAttachments();
var hasAttachments = attachments?.Any() ?? false;
@ -431,6 +433,8 @@ namespace Bit.Core.Services
throw new BadRequestException("Not enough storage available for this organization.");
}
ValidateCipherLastKnownRevisionDateAsync(cipher, lastKnownRevisionDate);
// Sproc will not save this UserId on the cipher. It is used limit scope of the collectionIds.
cipher.UserId = sharingUserId;
cipher.OrganizationId = organizationId;
@ -490,11 +494,11 @@ namespace Bit.Core.Services
}
}
public async Task ShareManyAsync(IEnumerable<Cipher> ciphers, Guid organizationId,
IEnumerable<Guid> collectionIds, Guid sharingUserId)
public async Task ShareManyAsync(IEnumerable<(Cipher cipher, DateTime? lastKnownRevisionDate)> cipherInfos,
Guid organizationId, IEnumerable<Guid> collectionIds, Guid sharingUserId)
{
var cipherIds = new List<Guid>();
foreach (var cipher in ciphers)
foreach (var (cipher, lastKnownRevisionDate) in cipherInfos)
{
if (cipher.Id == default(Guid))
{
@ -511,18 +515,20 @@ namespace Bit.Core.Services
throw new BadRequestException("One or more ciphers do not belong to you.");
}
ValidateCipherLastKnownRevisionDateAsync(cipher, lastKnownRevisionDate);
cipher.UserId = null;
cipher.OrganizationId = organizationId;
cipher.RevisionDate = DateTime.UtcNow;
cipherIds.Add(cipher.Id);
}
await _cipherRepository.UpdateCiphersAsync(sharingUserId, ciphers);
await _cipherRepository.UpdateCiphersAsync(sharingUserId, cipherInfos.Select(c => c.cipher));
await _collectionCipherRepository.UpdateCollectionsForCiphersAsync(cipherIds, sharingUserId,
organizationId, collectionIds);
var events = ciphers.Select(c =>
new Tuple<Cipher, EventType, DateTime?>(c, EventType.Cipher_Shared, null));
var events = cipherInfos.Select(c =>
new Tuple<Cipher, EventType, DateTime?>(c.cipher, EventType.Cipher_Shared, null));
foreach (var eventsBatch in events.Batch(100))
{
await _eventService.LogCipherEventsAsync(eventsBatch);
@ -790,5 +796,20 @@ namespace Bit.Core.Services
return await _cipherRepository.GetCanEditByIdAsync(userId, cipher.Id);
}
private void ValidateCipherLastKnownRevisionDateAsync(Cipher cipher, DateTime? lastKnownRevisionDate)
{
if (cipher.Id == default || !lastKnownRevisionDate.HasValue)
{
return;
}
if ((cipher.RevisionDate - lastKnownRevisionDate.Value).Duration() > TimeSpan.FromSeconds(1))
{
throw new BadRequestException(
"The cipher you are updating is out of date. Please save your work, sync your vault, and try again."
);
}
}
}
}
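Review bot: `ValidateCipherLastKnownRevisionDateAsync` in the last hunk returns without checking whenever `lastKnownRevisionDate` is null, so a caller that omits the value still gets last-write-wins, and the comparison runs against the in-memory `cipher.RevisionDate` before `ReplaceAsync` rather than as part of the write. If the cipher was loaded earlier in the request, a concurrent update landing between that read and the replace would presumably go undetected, as would two writes inside the one-second tolerance. I would document that on the helper, e.g. `// Best-effort stale-write check: skipped when no revision date is supplied, and not atomic with the repository write.`, and consider enforcing the expected revision date in the repository update itself. The helper is also synchronous and returns void, so the `Async` suffix is misleading; `ValidateCipherLastKnownRevisionDate` would match what it does.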